With widespread adoption of the Internet, and a changing paradigm away from centralized computing towards distributed computing, the evolution of private and public “clouds” has occurred. These clouds allow for data storage, application access, and computational processing to be made available beyond the logical network boundaries of a conventional educational, business, or government entity. Furthermore, a rapidly expanding trend towards the use of personal computing hardware within the professional sphere (often referred to as “bring your own device” or BYOD) has significantly exacerbated the movement of corporate data and computational assets beyond the boundaries of the company's internal network firewall.
These external systems require authentication in order to provide secured services. In the prior art, these systems require retention of the credential (typically a password) by the authenticating agent (typically a user). Considerable risk existed in the compromise of a password, initially via interception during transmission (snooping attacks) but eventually by more sophisticated attacks including brute force password guessing, social engineering attacks like phishing which encourage the user to provide their credential directly to an attacker, or interception at a lower level (for instance via keyboard logging).
The inherent security weaknesses in the prior art credential and password systems have been significantly increased by password reuse across multiple target systems, and by the use of weak passwords—both attempts by users to make credentials easier to remember and use. As a result, these credentials in the prior art are easier to compromise, and compromises lead to a much greater impact than a single target system.
Many enhancements to the base prior art have been attempted with both success and associated drawbacks. For instance, to mitigate user attempts to use easy-to-remember but also easy-to-compromise passwords, target systems have enforced password “policy” which specifies the length, number of different character types to be used, checks against dictionaries to prevent use of common words, and other characteristics. When implemented, these policies have decreased the ability of passwords to be compromised through a number of common password guessing algorithms; however, at the cost of making these credentials less easily remembered by end users. This has resulted in increased reuse of complex passwords (so that only one such cryptic password must be remembered), and an increase in storage of passwords in other easily compromised mediums (such as paper notes, files on computer storage, or notes in mobile devices).
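The policy checks described above (minimum length, number of character classes, dictionary screening) are shown here as an added example; this is not code from the patent or from any product it describes. The common-word list and the leetspeak substitution table are constructed for the demonstration; a real deployment would screen against a much larger corpus.

```python
import re
from typing import List

# Constructed sample of common words; assumption: a production system would load a
# large breached-password or dictionary corpus instead of this inline set.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Character classes a policy typically counts: lower, upper, digit, other.
_CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

# Common symbol/digit substitutions users apply to dodge dictionary checks.
_LEET_TABLE = str.maketrans("@$013!", "asolei")


def check_password_policy(password: str, min_length: int = 12,
                          min_classes: int = 3) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    violations: List[str] = []

    # 1. Length requirement.
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")

    # 2. Character-class requirement: count how many of the four classes appear.
    classes = sum(bool(re.search(p, password)) for p in _CLASS_PATTERNS)
    if classes < min_classes:
        violations.append(f"uses {classes} character class(es), policy requires {min_classes}")

    # 3. Dictionary check: normalise case and leetspeak, drop non-letters, then look
    #    for any common word as a substring so "P@ssw0rd1" is still caught.
    normalised = password.lower().translate(_LEET_TABLE)
    letters = re.sub(r"[^a-z]", "", normalised)
    for word in COMMON_WORDS:
        if word in letters:
            violations.append(f"contains dictionary word '{word}'")
            break

    return violations


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "abcdefghijklmnop", "Correct-Horse-Battery-Staple"):
        print(candidate, "->", check_password_policy(candidate) or "OK")
```

The dictionary step is the one most implementations get wrong: without normalising substitutions, a policy that demands symbols and digits simply trains users to write “P@ssw0rd1”, which satisfies the class count while remaining a dictionary word to any guessing tool.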
In an attempt to manage increasingly complex passwords across a spectrum of target systems, password management systems have evolved in the prior art. These systems store passwords in some secured method, and can then be used by the user to retrieve the password and provide it to a given target system. These systems improve greatly on non-secured storage, but since they are a store, compromise of the store effectively grants an attacker access to all passwords. This is especially true when the store is located in “the cloud”—where it can be accessed by a number of user devices, but also where it is more vulnerable to attackers from the network at large.
The prior art also includes “multi-factor authentication”—under this scheme, users are required to provide two or more pieces of information from something the user knows (typically a password), something the user is (biometrics like a fingerprint or retinal scan), and something the user has (typically physical devices with non-compromisable or changing data such as time based security tokens). Although multi-factor authentication addresses many security problems solely by making compromise of the password alone insufficient to gain access to the target system, uptake within the general population has been slow due to general unavailability of biometrics on a large scale, and complexity, ease-of-use, and cost concerns around use of physical devices.
The second set of challenges in the prior art revolves around data security, on the device and in the cloud.
Historically, data was kept on a single physical device, and simply limiting access to that device ensured the integrity of the data. As the trends identified earlier have advanced, two fundamental changes have occurred. First, devices that were previously fixed and could be secured through physical environment measures (facility security, guards, locks) are now mobile, subject to theft during transport, and often stored in non-secure environments (for example, a worker's home). Second, data that was previously stored on only a single device is now being propagated on a massive scale to other devices—either directly from device to device, or indirectly through cloud based storage. In cases of cloud based storage, this data is generally retained on the cloud service itself which yields another copy of the data, on an open network, which can be attacked and stolen by anyone able to breach the cloud service provider's network security.
Prior art approaches to resolving this problem have focused around data loss prevention, primarily by locking down the ability of individual users to move data off the single allowed physical device. This is typically achieved through monitoring routes off the machine, including applications that use the network (e.g. email, messaging programs, and file transfer programs) and physical devices (USB connected devices, removable hard drives, and other media). Typically, low level device drivers intercept calls to these programs and devices, analyze the content being sent, and selectively allow or disallow the operation in order to prevent unauthorized data movement.
However, this type of control cannot be applied to situations where cloud storage has been allowed. By definition, cloud storage means moving the data off the single physically protected machine asset into an environment that is accessible to many individuals. In the existing prior art, data protection in this environment has been achieved through two methodologies—first, simply relying on the physical and network security of the cloud provider. The second approach is to bring cloud storage within the confines of the enterprise—so that the cloud storage hardware can be secured and managed like any other corporate asset.
All prior art attempts to mitigate the security risks associated with data loss have not been completely satisfactory. The advent and rise of cloud storage, and the associated ability to have centralized data accessible from all of a single user's devices has made the choice of simply not embracing cloud storage, by and large, a non-option. Once the cloud choice has been made, it is desirable to use existing commercial cloud solutions—leveraging the specific skills of enterprises whose core business is to provide cloud solutions. However, it is unacceptable to exercise no direct control over the security of one's own data.
The third set of challenges revolves around successful collaboration and sharing of data.
Notwithstanding the risks of exposure of data when it has moved from a single, secured source, there are significant advantages to controlled sharing of data between multiple parties. For example, it allows the members of a team to collaborate on work; it allows suppliers and their customers to work more closely and quickly together; and it allows parties to a business transaction to quickly move through lengthy documentation reviews and reach agreement.
Prior art solutions to this problem have focused directly on the need to share between parties. All cloud providers allow sharing of documents stored in their solution, typically by either URL link, email attachment, or by allowing other participants to directly access the underlying cloud provider store.
The security implications of sharing have largely been ignored as they run counter to the openness of sharing. Instead, cloud providers have implemented security by either not sharing, or by asking the user to manage their own security (by limiting who they send links to, or by adding and removing people from an allowed list of accessors).
Furthermore, a fundamental problem with these three sets of challenges is that they interact with each other. Solving one problem often results in increasing the intensity or frequency of one of the other problems. For example, preferred methods to solve password problems often result in systems that are not easily mobile or usable across networks, preferred methods to make systems more secure tend to limit the ability to share with others, and systems that result in the highest level of sharing between parties are often easily compromised due to their inherently open nature.
As a result, the current state of the art includes a vast number of target systems which authenticate users primarily via complex passwords, and the fragmented use of password management systems to store these passwords in centralized repositories on behalf of the user. Consequently, continued challenges exist around controlling social engineering attacks, protecting password stores that contain many passwords, and pervasive credential reuse between multiple target systems.
Adoption of bring-your-own-device (BYOD) and cloud storage is widespread with their passwords adding to the challenges of credential management. Data in the cloud is most likely protected by individual passwords that may be reused or of dubious strength.
Enterprises require collaboration, within their teams, and even with external parties—but are at the whim of the cloud storage providers to implement all their security.
What is needed is a unified method and system that provides login protection (via high grade credentials) and data protection (via encryption) without limiting sharing, and without creating a credential or encryption key storage either on the user's device or in a centralized (cloud or enterprise) server.